Medium
CVE-2009-3423
login.php in Zenas PaoLink 1.0, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
Tag: Unauthenticated/Unauthorized Access
All CVEs associated with "Unauthenticated/Unauthorized Access". Page 123/128 • 15317 CVEs.
Subscribe CVEs: RSS for “Unauthenticated/Unauthorized Access” · RSS (High+Critical only)
About “Unauthenticated/Unauthorized Access”
A curated feed of “Unauthenticated/Unauthorized Access”-related CVEs appears below. We currently track 15317 CVEs for this tag (all time). In the last 365 days, 3826 were published. Average CVSS is 7.4 (all time; 7.4 over 365d), and 61% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-862 - Missing Authorization, CWE-306 - Missing Authentication for Critical Function, CWE-639 - Authorization Bypass Through User-Controlled Key.
In our taxonomy this topic maps to a HIGH impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2009-09-25
Medium
CVE-2009-3422
login.php in Zenas PaoLiber 1.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
Critical
CVE-2009-3421
login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
2009-09-17
Critical
CVE-2009-3232
pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which ca…
Medium
CVE-2009-3231
The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty pass…
2009-09-08
Critical
CVE-2009-3109
Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430, when key-based authentication is being used between a deployment server and a cl…
Medium
CVE-2009-3107
Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authenti…
High
CVE-2008-7179
OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN_Hora, ADMIN_Logado, and ADMIN_Nome cookies to certain values, as reachable in…
2009-09-01
Medium
CVE-2008-7138
The Manager in Eye-Fi 1.1.2 generates predictable snonce values based on the time of day, which allows remote attackers to bypass authentication and upload arbitrary images by guessing the snonce.
2009-08-28
Critical
CVE-2008-7115
The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows remote attackers to bypass authentication and gain administrator privileges via a direct req…
2009-08-27
Medium
CVE-2008-7100
Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows remote authenticated users to bypass authentication and gain privileges via unknown vectors related to a "unique id" for user action…
2009-08-26
High
CVE-2008-7086
Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin.
2009-08-25
Critical
CVE-2008-7081
userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote attackers to bypass authentication and gain administrator privileges by setting the login parameter to admin. NOTE: the…
High
CVE-2008-7066
OpenForum 0.66 Beta allows remote attackers to bypass authentication and reset passwords of other users via a direct request with the update parameter set to 1 and modified user and password paramete…
2009-08-24
High
CVE-2008-7051
AJ Square AJ Article allows remote attackers to bypass authentication and access administrator functionality via a direct request to (1) user.php, (2) articles.php, (3) articlesuspend.php, (4) site.p…
High
CVE-2008-7050
The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required argume…
High
CVE-2008-7047
NatterChat 1.1 allows remote attackers to bypass authentication and gain administrator privileges to read or delete rooms and messages via a direct request to admin/home.asp.
Medium
CVE-2008-7046
AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045.…
Medium
CVE-2008-7045
AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to bypass authentication and reset poll votes via a direct request to admin/resetvote.php.
High
CVE-2008-7041
AJ Classifieds allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin/home.php.
High
CVE-2003-1574
TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some o…
2009-08-21
High
CVE-2008-7028
RPG.Board 0.8 Beta2 and earlier allows remote attackers to bypass authentication and gain privileges by setting the keep4u cookie to a certain value.
High
CVE-2008-7027
Libra File Manager 1.18 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user and pass cookies to 1.
Medium
CVE-2008-7024
admin.php in Arz Development The Gemini Portal 4.7 and earlier allows remote attackers to bypass authentication and gain administrator privileges by setting the user cookie to "admin" and setting the…
Critical
CVE-2008-7023
Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authenticat…
High
CVE-2008-7019
Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass authentication and gain privileges via modified (1) enombre and (2) euri cookies.
2009-08-19
Medium
CVE-2008-7008
HyperStop Web Host Directory 1.2 allows remote attackers to bypass authentication and download a database backup via a direct request to admin/backup/db.
High
CVE-2008-7007
Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and gain administrative access by setting the (1) admin_name and (2) admin_pass cookie values to 1.
Medium
CVE-2008-7006
Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and download a backup of the database via a direct request to admin/backupdb.php.
Medium
CVE-2008-6984
Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins w…
2009-08-14
High
CVE-2009-2770
PowerUpload 2.4 allows remote attackers to bypass authentication and gain administrative access via a MIME encoded value of admin for the myadminname cookie.
Critical
CVE-2009-1048
The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to byp…
2009-08-13
High
CVE-2009-2088
The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when SPNEGO Single Sign-on (SSO) and disableSecurityPreInvokeOnFilters…
High
CVE-2008-6966
AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php.
High
CVE-2008-6965
AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass au…
High
CVE-2008-6963
admin.php in TurnkeyForms Text Link Sales allows remote attackers to bypass authentication and gain administrative privileges via a direct request.
2009-08-12
High
CVE-2008-6947
Collabtive 0.4.8 allows remote attackers to bypass authentication and create new users, including administrators, via unspecified vectors associated with the added mode in a users action to admin.php.
High
CVE-2008-6939
TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by set…
2009-08-10
High
CVE-2008-6919
profileedit.php TaskDriver 1.3 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "fook!admin."
2009-08-07
High
CVE-2009-0669
Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO networ…
Critical
CVE-2008-6916
Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname.
High
CVE-2008-6912
Zeeways SHAADICLONE 2.0 allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin/home.php.
2009-07-28
High
CVE-2009-2642
index.php in Desi Short URL Script 1.0 allows remote attackers to bypass authentication by setting the logged cookie to 1 and the uid cookie to an integer value, as demonstrated by a value of 13.
2009-07-14
Critical
CVE-2009-1977
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NO…
Medium
CVE-2009-0217
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server…
High
CVE-2008-6864
Xigla Software Absolute Live Support .NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
High
CVE-2008-6863
Xigla Software Absolute Form Processor .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
High
CVE-2008-6862
Absolute Content Rotator 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
High
CVE-2008-6861
Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
High
CVE-2008-6860
Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
High
CVE-2008-6859
Xigla Software Absolute Control Panel XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
High
CVE-2008-6858
Absolute Banner Manager .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
High
CVE-2008-6857
Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
High
CVE-2008-6856
Xigla Software Absolute News Manager.NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
High
CVE-2008-6855
Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a certain cookie.
High
CVE-2008-6854
Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
2009-07-10
Critical
CVE-2009-2422
The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead…
2009-07-08
Critical
CVE-2009-2382
admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN.
2009-07-01
High
CVE-2009-2293
Optimum Web Design Tutorial Share 3.5.0 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the usernamed cookie parameter.
2009-06-30
High
CVE-2009-2257
The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) sta…
2009-06-26
High
CVE-2009-2233
The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awse_logged cookie to 1.
High
CVE-2009-2231
MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie.
2009-06-22
Critical
CVE-2009-2168
cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypa…
2009-06-18
High
CVE-2009-2117
uye_paneli.php in phPortal 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the kulladi cookie to a valid username.
2009-06-12
High
CVE-2009-2040
admin/options.php in Grestul 1.2 does not properly restrict access, which allows remote attackers to bypass authentication and create administrative accounts via a manage_admin action in a direct req…
2009-06-10
High
CVE-2009-1122
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read…
High
CVE-2009-1535
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files,…
2009-06-09
High
CVE-2009-2025
admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to cert…
2009-06-08
High
CVE-2009-2003
Ascad Networks Password Protector SD 1.3.1 allows remote attackers to bypass authentication and gain administrative access by setting the (1) c7portal and (2) cookname cookies to "admin."
2009-06-01
High
CVE-2009-1854
Million Dollar Text Links 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the userid cookie to 1.
2009-05-26
High
CVE-2009-1787
Multiple SQL injection vulnerabilities in PHP Dir Submit (aka WebsiteSubmitter and Submitter Script) allow remote attackers to bypass authentication and gain administrative access via the (1) usernam…
2009-05-20
High
CVE-2009-1739
PAD Site Scripts 3.6 allows remote attackers to bypass authentication and gain privileges as other users, including administrative privileges, by setting the authuser cookie parameter to a valid user…
2009-05-15
High
CVE-2009-1638
Techno Dreams Job Career Package 3.0 allows remote attackers to bypass authentication and obtain administrative access by setting the JobCareerAdmin cookie to Login.
2009-05-12
High
CVE-2009-1619
Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1.
High
CVE-2009-1618
Teraway LiveHelp 2.0 allows remote attackers to bypass authentication and gain administrative access via a pwd=&lvl=1&usr=&alias=admin&userid=1 value for the TWLHadmin cookie.
High
CVE-2009-1617
Teraway LinkTracker 1.0 allows remote attackers to bypass authentication and gain administrative access via a userid=1&lvl=1 value for the twLTadmin cookie.
2009-05-11
High
CVE-2008-6804
Tribiq CMS 5.0.9a beta allows remote attackers to bypass authentication and gain administrative access by setting the COOKIE_LAST_ADMIN_USER and COOKIE_LAST_ADMIN_LANG cookies. NOTE: a third party r…
2009-05-07
High
CVE-2009-1587
index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certa…
2009-05-06
High
CVE-2009-1549
AGTC MyShop 3.2b allows remote attackers to bypass authentication and obtain administrative access setting the log_accept cookie to "correcto."
2009-05-01
High
CVE-2009-1504
Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1."
2009-04-29
High
CVE-2009-1489
includes/user.php in Fungamez RC1 allows remote attackers to bypass authentication and gain administrative access by setting the user cookie parameter.
2009-04-28
High
CVE-2008-6763
login2.php in Silentum LoginSys 1.0.0 allows remote attackers to bypass authentication and obtain access to an arbitrary account by setting the logged_in cookie to that account's username.
2009-04-22
High
CVE-2008-6743
RSMScript 1.21 allows remote attackers to bypass authentication and gain administrative privileges by setting the verified cookie to an arbitrary value and performing a direct request to (1) delete.p…
2009-04-21
High
CVE-2008-6738
MyShoutPro 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin_access cookie to 1.
2009-04-14
High
CVE-2008-6723
TurnkeyForms Entertainment Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLogged cookie to Administrator.
2009-04-10
High
CVE-2008-6714
admin.php in xeCMS 1.0.0 RC2 and earlier allows remote attackers to bypass authentication and access the admin panel by setting the xecms_username cookie.
2009-04-09
High
CVE-2009-1155
Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-…
2009-04-08
High
CVE-2008-6667
A+ PHP Scripts News Management System (NMS) allows remote attackers to bypass authentication and gain administrator privileges by setting the mobsuser and mobspass cookies to 1.
High
CVE-2008-6664
action.php in SH-News 3.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the shuser and shpass cookies to non-zero values.
2009-04-02
High
CVE-2008-6581
login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter.
2009-03-27
High
CVE-2009-0630
The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway Signaling Support Over Transport Layer Security (TLS) Transport; (3) Secure Signaling and Media Encryption; (4) Blocks Extensible…
2009-03-25
Medium
CVE-2008-6524
resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separ…
High
CVE-2008-6523
auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. NOTE: this can be leveraged with a separate vulnerabi…
2009-03-24
High
CVE-2009-1050
Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie.
2009-03-23
High
CVE-2008-6508
Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a ..…
2009-03-19
High
CVE-2009-0964
UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL in…
2009-03-10
High
CVE-2009-0864
S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie.
2009-03-09
Medium
CVE-2009-0853
login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as d…
2009-03-06
High
CVE-2008-6411
Explay CMS 2.1 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the login cookie to 1.
2009-02-26
High
CVE-2008-6307
E-topbiz Link Back Checker 1 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "admin."
High
CVE-2008-6302
TurnkeyForms Local Classifieds allows remote attackers to bypass authentication and gain administrative access via a direct request to Site_Admin/admin.php.
Critical
CVE-2009-0614
Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass au…
High
CVE-2008-6300
Galatolo WebManager 1.3a allows remote attackers to bypass authentication and gain administrative access by setting the (1) gwm_user and (2) gwm_pass cookies to admin. NOTE: the provenance of this i…
High
CVE-2008-6296
admin.php in Maran PHP Shop allows remote attackers to bypass authentication and gain administrative access by setting the user cookie to "demo."
High
CVE-2008-6294
admin/Index.php in Acc Statistics 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie cookie to "admin."
High
CVE-2008-6293
admin/Index.php in Acc Real Estate 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie to "admin."
High
CVE-2008-6292
Acc Autos 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) username_cookie to "admin," (2) right_cookie to "1," and (3) id_cookie to "1."
High
CVE-2008-6291
Acc PHP eMail 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the NEWSLETTERLOGIN cookie to "admin".
2009-02-25
High
CVE-2008-6269
Joovili 3.1.4 allows remote attackers to bypass authentication and gain privileges as other users, including the administrator, by setting the (1) session_id, session_logged_in, and session_username…
2009-02-20
High
CVE-2008-6232
Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
High
CVE-2008-6231
Pre Classified Listing PHP allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
High
CVE-2008-6228
Pre Multi-Vendor Shopping Malls allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
High
CVE-2008-6162
Bux.to Clone script allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1 and the usNick cookie to admin.
2009-02-16
High
CVE-2008-6143
OwenPoll 1.0 allows remote attackers to bypass authentication and obtain administrative access via a modified account name in the username cookie.
2009-02-11
High
CVE-2008-6118
win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1.
2009-02-10
High
CVE-2009-0461
Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.
High
CVE-2009-0460
Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.
2009-02-09
High
CVE-2008-6092
phpscripts Ranking Script allows remote attackers to bypass authentication and gain administrative access by sending an admin=ja cookie.
2009-02-06
Medium
CVE-2002-2427
The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerabi…
2009-02-03
High
CVE-2009-0412
The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the R…